IN THE CLAIMS: 

Please AMEND the claims as follows: 



1. (Once Amended) A method for transmitting and receiving packets of data
via [a] an internetwork for a first host computer on a first computer network to a second host
computer on a second computer network, the first and second computer networks including,
respectively, first and second bridge computers, each of said first and second host computers
and first and second bridge computers including a processor and a memory for storing
instructions for execution by the processor, each of said first and second bridge computers
further including memory for storing at least one predetermined encryption/decryption
mechanism and information identifying a predetermined plurality of host computers as hosts
requiring security for packets transmitted between them, the method being carried [carded]
out [be] by means of the instructions stored on said respective memories and including the
steps of:

(1) generating, by the first host computer, a first data packet for transmission to
the second host computer, a portion of the first data packet including information
representing an internetwork address of the first host computer and internetwork
address of the second host computer;

(2) in the first bridge computer, intercepting the first data packet and determining
whether the first and second host computers are among the predetermined plurality of
host computers for which security is required, and if not, proceeding to step 5, and if
so, proceeding to step 3;

(3) encrypting the first data packet in the first bridge computer;

(4) in the first bridge computer, generating and appending to the encrypted first
data packet an encapsulation header, including:

(a) key management information [identifying] providing a mechanism for
identifying the predetermined encryption method, and

(b) a new address header representing the source and destination for the
first data packet, thereby generating a modified first data packet;

(5) transmitting the first data packet or the modified first data packet from the first
bridge computer via the internetwork to the second computer network;

(6) intercepting the first data packet or the modified first data packet at the second
bridge computer;

(7) in the second bridge computer, if the encapsulation header has been appended
to the first data packet, reading the encapsulation header, and determining
therefrom whether the first data packet was encrypted, [and if not, proceeding
to step 10, and if so, proceeding to step 8] and if it is determined that the first
data packet has been encrypted, proceeding to step 8 and otherwise proceeding
to step 10;

(8) in the second bridge computer, determining which encryption mechanism was
used to encrypt the first data packet;

(9) decrypting the first data packet by the second bridge computer;

(10) transmitting the first data packet from the second bridge computer to the
second host computer[,] ; and

(11) receiving the unencrypted first data packet at the second host computer.



2. (Once Amended) The method of claim 1, wherein the new address header
for the modified first data packet includes the address of the second bridge computer.

3. (Once Amended) The method of claim 2, wherein the new address header
for the modified first data packet includes an identifier of the second bridge computer.

4. (Once Amended) The method of claim 1, wherein the new address header
of the modified first data packet includes the address of the second host computer.

5. (Once Amended) The method of claim 4, wherein the new address header
for the modified first data packet includes an identifier of the second bridge computer.
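
The steps of claim 1, with the new address header of claim 2, as an added Python example; it is not code from the application. The one-byte marker, the wire layout, the addresses, the key, the mechanism id and the SHA-256 keystream standing in for the "predetermined encryption/decryption mechanism" are all assumptions made for illustration.

```python
import hashlib
import os
import socket

# All values below are constructed for this example.
PLAIN, ENCAP = 0, 1            # assumed 1-byte marker: encapsulation header present?
MECH_DEMO = 1                  # hypothetical id carried as key management information
KEY = bytes(range(32))         # shared key known to both bridges (example only)
BRIDGE_A, BRIDGE_B = "192.0.2.1", "198.51.100.1"
# Host pairs requiring security, mapped to the peer bridge that decrypts for them.
SECURE = {("10.1.0.5", "10.2.0.9"): BRIDGE_B}


def build(kind, src, dst, body):
    """Assumed wire layout: kind(1) | source(4) | destination(4) | body."""
    return bytes([kind]) + socket.inet_aton(src) + socket.inet_aton(dst) + body


def parse(raw):
    if len(raw) < 9:
        raise ValueError("packet shorter than its address header")
    return raw[0], socket.inet_ntoa(raw[1:5]), socket.inet_ntoa(raw[5:9]), raw[9:]


def _keystream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 counter keystream); it gives no integrity protection."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# Mechanism id -> routine; the same routine encrypts and decrypts here.
MECHANISMS = {MECH_DEMO: _keystream_xor}


def bridge_out(raw):
    """Steps 2-5 at the first bridge computer."""
    kind, src, dst, _ = parse(raw)
    peer = SECURE.get((src, dst))
    if kind != PLAIN or peer is None:
        return raw                                   # step 2 "if not": straight to step 5
    nonce = os.urandom(8)
    # Step 3: the whole packet is encrypted, host addresses included.
    ciphertext = MECHANISMS[MECH_DEMO](KEY, nonce, raw)
    key_mgmt = bytes([MECH_DEMO]) + nonce            # step 4(a)
    # Step 4(b): new address header naming the bridges (the claim 2 variant).
    return build(ENCAP, BRIDGE_A, peer, key_mgmt + ciphertext)


def bridge_in(raw):
    """Steps 6-10 at the second bridge computer."""
    kind, _, _, body = parse(raw)
    if kind != ENCAP:
        return raw                                   # step 7 "otherwise": step 10
    if len(body) < 9:
        raise ValueError("truncated encapsulation header")
    mechanism = MECHANISMS.get(body[0])              # step 8
    if mechanism is None:
        raise ValueError("unknown encryption mechanism id")
    return mechanism(KEY, body[1:9], body[9:])       # step 9


if __name__ == "__main__":
    original = build(PLAIN, "10.1.0.5", "10.2.0.9", b"payroll batch 7")
    on_wire = bridge_out(original)
    print(parse(on_wire)[:3])                        # only the bridge addresses are visible
    print(bridge_in(on_wire) == original)
```

An observer on the internetwork sees only the two bridge addresses in this variant; under claim 4 the new address header would carry the second host's address instead.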



6. (Once Amended) A system for automatically encrypting and decrypting
data packets transmitted from a first host computer on a first computer network to a second
host computer on a second computer network, including:

a first bridge computer coupled to the first computer network for intercepting
data packets transmitted from said first computer network, the first bridge computer
including a first processor and a first memory storing instructions for executing
encryption of data packets according to a predetermined encryption/decryption
mechanism;

a second bridge computer coupled to the second computer network for
intercepting data packets transmitted to said second computer network, the second
bridge computer including a second processor and a second memory storing
instructions for executing decryption of the data packets;

said first host computer including a third processor and a third memory
including instructions for transmitting a first [said] data packet from said first host to
said second host;

a first table stored in said first memory including a correlation of at least one
of the first host computer and the first network with one of the second host computer
and the second network, respectively;

instructions stored in said first memory for intercepting said first data packet
before departure from said first network, determining whether said correlation is
present in said first table, and if so, then executing encryption of said first data packet
according to said predetermined encryption/decryption mechanism, generating a new
address header including a mechanism for identifying said predetermined
encryption/decryption mechanism and appending said new address header to said
encrypted first data packet, thereby generating a modified first data packet, and
transmitting said modified first data packet on to the second host computer;

a second table stored in said second memory including a correlation of at least
one of the first host computer and the first network with one of the second host
computer and the second network, respectively; and

instructions stored in said second memory for intercepting said modified first
data packet upon arrival at said second network, determining whether said correlation
is present in said second table, and if so, then executing decryption of said first data
packet according to said predetermined encryption/decryption mechanism, and
transmitting the first data packet to the second host computer.



7. (Once Amended) [The method of claim 6,] A system for automatically
encrypting and decrypting data packets transmitted from a first host computer on a first
computer network to a second host computer on a second computer network, including:

a first bridge computer coupled to the first computer network for intercepting
data packets transmitted from said first computer network, the first bridge computer
including a first processor and a first memory storing instructions for executing
encryption of data packets according to a predetermined encryption/decryption
mechanism;

a second bridge computer coupled to the second computer network for
intercepting data packets transmitted to said second computer network, the second
bridge computer including a second processor and a second memory storing
instructions for executing decryption of the data packets;

said first host computer including a third processor and a third memory
including instructions for transmitting a first data packet from said first host to said
second host;

a first table stored in said first memory including a correlation of at least one
of the first host computer and the first network with one of the second host computer
and the second network, respectively;

instructions stored in said first memory for intercepting said first data packet
before departure from said first network, determining whether said correlation is
present in said first table, and if so, then executing encryption of said first data packet
according to said predetermined encryption/decryption mechanism, generating a new
address header and appending said new address header to said encrypted first data
packet, thereby generating a modified first data packet, and transmitting said modified
first data packet on to the second host computer, wherein said new address header
includes [the] internetwork broadcast addresses of the first and second computer
networks[.];

a second table stored in said second memory including a correlation of at least
one of the first host computer and the first network with one of the second host
computer and the second network, respectively; and

instructions stored in said second memory for intercepting said modified first data
packet upon arrival at said second network, determining whether said correlation is present in
said second table, and if so, then executing decryption of said first data packet according to
said predetermined encryption/decryption mechanism, and transmitting the first data packet
to the second host c



8. The method of claim 7, wherein said new address header includes an identifier of the
second bridge computer.



9. The method of claim 6, wherein said new address header includes the address 
of the second host computer. 

10. The method of claim 9, wherein said new address header includes an identifier 
of the second bridge computer. 

11. (Once Amended) A method for transmitting and receiving packets of data
via an internetwork from a first host computer on a first computer network to a second host
computer on a second computer network, [the first and second computer networks,] each of
said first and second host computer networks, each of said first and second host computers
including a processor and a memory for storing instructions for execution by the processor,
each said memory storing at least [on] a predetermined encryption/decryption mechanism and
a source/destination table identifying a predetermined plurality of sources and destinations
requiring security for packets transmitted between them, the method being carried [carded]
out by means of the instructions stored in said respective memories and including the steps
of:

(1) generating, by the first host computer, a first data packet for transmission to
the second host computer, a portion of the first data packet including information
representing an internetwork address of a source of the first data packet and an
internetwork address of a destination of the first data packet;

(2) in the first host computer, determining whether the source and destination of
the first data packet are among the predetermined plurality of sources and destinations
identified in said source/destination table for which security is required, and if not,
proceeding to step 5, and if so, proceeding to step 3;

(3) encrypting the first data packet in the first host computer;

(4) in the first host computer, generating and appending to the encrypted first data
packet an encapsulation header, including:

(a) key management information providing a mechanism for identifying
the predetermined encryption method, and

(b) a new address header identifying the source and destination for the first
data packet, thereby generating a modified first data packet;

(5) transmitting the first data packet or the modified first data packet from the first
host computer via the internetwork to the second computer network;

(6) in the second host computer, if the encapsulation header has been appended to
the first data packet, reading the encapsulation header, and determining therefrom
whether the first data packet was encrypted, and if the first data packet was not
encrypted [not], ending the method, and if [so] the first data packet was encrypted,
proceeding to step 7;

(7) in the second host computer, determining which encryption mechanism was
used to encrypt the first data packet; and

(8) decrypting the first data packet by the second host computer.



12. (Once Amended) The method of claim 11, wherein the new address
header for the modified first data packet includes internetwork broadcast addresses of the first
and second computer networks.



13. The method of claim 1, wherein the source/destination table includes data
identifying internetwork addresses of the first and second host computers.



14. (Once Amended) A system for automatically encrypting and decrypting
data packets transmitted from a first host computer on a first computer network [and having a
first host computer on a first computer network and], the first host computer having a first
processor and a first memory, via an internetwork to a second host computer on a second
computer network [and having a second host computer on a second computer network and],
the second host computer having a second processor and a second memory, the system
including:

security data stored in said first and second memories indicating that data
packets meeting at least one predetermined criterion are to be encrypted;

a predetermined encryption/decryption mechanism stored in said first and
second memories;

a decryption key stored in said second memory;

instructions stored in said first memory for determining whether to encrypt
one or more data packets, by determining whether said at least one predetermined
criterion is met by said one or more data packets [data packet];

instructions stored in said first memory for executing encryption according to
said predetermined encryption/decryption mechanism of at least a first [said data
packet] one of said one or more data packets, when said at least one predetermined
criterion is met, for generating a new address header for said first data packet and for
appending an encapsulation header to said first data packet and transmitting said first
data packet to said second host, said new address header identifying broadcast
addresses of the first and second computer networks, said encapsulation header
including at least said new address header; and

instructions stored in said second memory for receiving said first data packet,
determining whether it has been encrypted by reference to said security data in said
second memory, and if so then determining which encryption/decryption mechanism
was used for encryption, and decrypting said first data packet by use of said
decryption key.

15. (Once Amended) The system of claim 14, wherein:

said security data comprises correlation data stored in each of said first and
second memories [identifying at least one of said first and second memories]
identifying at least one of said first host computer and said first network correlated
with at least one of said second host computer and said second network;

the system further including instructions stored in said first memory for
determining whether to encrypt data packets by inspecting for a match between source
and destination addresses of said data packets with said correlation data.

16. (Once Amended) A system for automatically encrypting data packets for
transmission from a first host computer on a first computer network to a second host
computer on a second computer network, said first host computer including a first processor
and a first memory including instructions for transmitting said data packets from said first
host to said second host, the system including:

a bridge computer coupled to the first computer network for intercepting at
least a first [said] data packet transmitted from said first computer network, said
bridge computer including a second processor and a second memory storing
instructions for executing encryption of said first data packet according to a
predetermined encryption/decryption mechanism;

information stored in said second memory correlating at least one of the first
host computer and the first network with one of the second host computer and the
second network, respectively; and

instructions stored in said second memory for intercepting said first data
packet before departure from said first network, determining whether said correlation
is present, and if so, then executing encryption of said first data packet according to
said predetermined encryption/decryption mechanism, generating a new address
header including a mechanism for identifying said predetermined
encryption/decryption mechanism and appending said new address header to said first
data packet, thereby generating modified first data packet on to the second host
computer.



17. (Once Amended) A method for transmitting packets of data via an
internetwork from a first host computer on a first computer network to a second host
computer on a second computer network, the first computer networks including a first bridge
computer, each of said first and second host computers and said bridge computer further
including memory storing at least one predetermined encryption/decryption mechanism and
information identifying a predetermined plurality of host computers as hosts requiring
security for packets transmitted between them, the method being carried out according to the
instructions stored in said respective memories and including the steps of:

(1) generating, by the first host computer, a first data packet for transmission to
the second host computer, a portion of the first data packet including information
representing an internetwork address of the first host computer and an internetwork
address of the second host computer.

(2) in the first bridge computer, intercepting the first data packet and determining
whether the first and second host computers are among the predetermined plurality of
host computers for which security is required, and if not, proceeding to step 5, and if
so, proceeding to step 3;

(3) encrypting the first data packet in the first bridge computer;

(4) in the first bridge computer, generating and appending to the first data packet
an encapsulation header, including:

(a) key management information providing a mechanism for identifying
the predetermined encryption method, and

(b) a new address header representing the source and destination for the
data packet, thereby generating a modified first data packet; and

(5) transmitting the first data packet or the modified first data packet from the first
bridge computer via the internetwork to the second computer network.



18. (Once Amended) A system for automatically decrypting data packets
transmitted from a first computer to a second computer, the system comprising:

a bridge coupled to the second computer for intercepting a data packet from
the first computer, the data packet having an address header and a body, the address
header including broadcast addresses of the first and second computers, the bridge
including a processor and a memory that stores instructions for decrypting data
packets;

information stored in the memory of the bridge correlating the first and second
computers; and

instructions stored in the memory for intercepting the data packet, determining
whether the information stored in the memory of the bridge correlates the first and
second computers, and if so, decrypting the data packet to generate a new data packet
including a new address header, and transmitting the new data packet onto the second
computer.

19. (Once Amended) The system of claim 18, wherein the data packet
includes the new data packet in encrypted form.



20. (Once Amended) A system for automatically decrypting data packets
transmitted from a first computer to a second computer, the system comprising:

a bridge coupled to the second computer for intercepting a data packet from
the first computer, the data packet including a header storing key management
information providing a mechanism for identifying an encryption method used to
encrypt the new data packet, the bridge including a processor and a memory that
stores instructions for decrypting data packets;

information stored in the memory of the bridge correlating the first and second
computers; and

instructions stored in the memory for intercepting the data packet, determining
whether the information stored in the memory of the bridge correlates the first and
second computers, and if so, decrypting the data packet to generate a new data packet
including a new address header, and transmitting the new data packet onto the second
computer.



21. The method of claim 18, wherein the new address header includes information
indicating the first computer is a source of the new data packet and the second computer is a
destination of the new data packet.



22. (Once Amended) A method for receiving data packets from a first
computer to a second computer through a bridge including a processor and a memory that
stores instructions for decrypting data packets and information correlating the first and
second computers, the method being carried out according to instructions in the memory of
the bridge and comprising:

intercepting a data packet from the first computer to the second computer, the
data packet including an address header and a body, the address header including
broadcast addresses of the first and second computers and the body including address
information representing an internetwork address of the first computer and an
internetwork address of the second computer, wherein the address information is
encrypted;

determining whether the information stored in the memory of the bridge
correlates the first and second computers, and if so, decrypting the data packet to
generate a new data packet including a new address header; and

transmitting the new data packet on to the second computer.



23. (Once Amended) The method of claim 22, wherein the body includes the
new data packet in encrypted form.



24. (Once Amended) A method for receiving data packets from a first
computer to a second computer through a bridge including a processor and a memory that
stores instructions for decrypting data packets and information correlating the first and
second computers, the method being carried out according to instructions in the memory of
the bridge and comprising:

intercepting a data packet from the first computer to the second computer, the
data packet including information representing an internetwork address of the first
computer and an internetwork address of the second computer;

determining whether the information stored in the memory of the bridge
correlates the first and second computers, and if so, decrypting the data packet to
generate a new data packet including a new address header; and

transmitting the new data packet on to the second computer;

wherein the data packet includes a header storing key management information
providing a mechanism for identifying an encryption method used to encrypt the new data
packet.



25. The method of claim 22, wherein the new address header includes information
indicating the first computer is a source of the new data packet and the second computer is a
destination of the new data packet.



26. (Once Amended) A method of encrypting data packets, comprising:

receiving a data packet from a source for a destination, the data packet including a
header section and a data section, the header section storing a source identifier and a
destination identifier;

determining whether the data packet should be encrypted upon reference to at least
one of the source and destination identifiers;

if the data packet should be encrypted, encrypting the data packet to produce an
encrypted data packet; and

generating a new address header and appending the new address header to the
encrypted data packet, thereby generating a modified data packet;

wherein the new address header includes a mechanism for identifying an encryption
method used to generate the encrypted data packet.



27. (Once Amended) The method of claim 26, further comprising
transmitting the modified data packet to the destination.



28. The method of claim 26, wherein the determining whether the data packet
should be encrypted comprises accessing stored information that indicates by presence or
absence of the source identifier that data packets from the source should be encrypted.

29. The method of claim 26, wherein the determining whether the data packet
should be encrypted comprises accessing stored information that indicates by presence or
absence of a correlation between the source and destination identifiers that data packets from
the source for the destination should be encrypted.



30. (Once Amended) The method of claim 26, wherein the encrypted data
packet includes an encrypted data packet header section and an encrypted data packet data
section, the encrypted data packet header section including the header section of the data
packet after encryption and the encrypted data packet data section including the data section
of the data packet after encryption, the modified data packet including a header portion
storing the new address header and a data portion storing the encrypted data packet.



31. The method of claim 30, wherein the encrypted data packet header section
stores the source and destination identifiers.



32. (Once Amended) A method of encrypting data packets, comprising:

receiving a data packet from a source for a destination, the data packet including a
header section and a data section, the header section storing a source identifier and a
destination identifier;

determining whether the data packet should be encrypted upon reference to at least
one of the source and destination identifiers;

if the data packet should be encrypted, encrypting the data packet to produce an
encrypted data packet; and

generating a new address header and appending the new address header to the
encrypted data packet, thereby generating a modified data packet;

wherein the encrypted data packet includes an encrypted data packet header section
and an encrypted data packet data section, the encrypted data packet header section including
the header section of the data packet after encryption and the encrypted data packet data
section including the data section of the data packet after encryption, the modified data
packet including a header portion storing the new address header and a data portion storing
the encrypted data packet;

wherein the source is a host computer in a network and the header portion of the
modified data packet stores an identifier of the network.




33. (Once Amended) A method of encrypting data packets, comprising:

receiving a data packet from a source for a destination, the data packet including a
header section and a data section, the header section storing a source identifier and a
destination identifier;

determining whether the data packet should be encrypted upon reference to at least
one of the source and destination identifiers;

if the data packet should be encrypted, encrypting the data packet to produce an
encrypted data packet; and

generating a new address header and appending the new address header to the
encrypted data packet, thereby generating a modified data packet;

wherein the encrypted data packet includes an encrypted data packet header section
and an encrypted data packet data section, the encrypted data packet header section including
the header section of the data packet after encryption and the encrypted data packet data
section including the data section of the data packet after encryption, the modified data
packet including a header portion storing the new address header and a data portion storing
the encrypted data packet;

wherein the destination is a host computer in a network and the header portion of the
modified data packet stores an identifier of the network.



34. The method of claim 26, wherein the source is a host computer or a network.



35. The method of claim 26, wherein the destination is a host computer or a
network.



36. (Once Amended) A computer program product adapted for encrypting
data packets, comprising:

computer code that when executed causes the reception of a data packet from a source
for a destination, the data packet including a header section and a data section, and the header
section storing a source identifier and a destination identifier;

computer code that when executed causes the determination of whether the data
packet should be encrypted upon reference to at least one of the source and destination
identifiers;

computer code that when executed, if the data packet should be encrypted, causes the
encryption of the data packet to produce an encrypted data packet;

computer code that when executed causes the generation of a new address header and
appends the new address header to the encrypted data packet, the new address header
including a mechanism for identifying an encryption method used to generate the encrypted
data packet, thereby generating a modified data packet; and

a computer readable medium that stores the computer codes.

37. The computer program product of claim 36, wherein the computer readable
medium is a memory, random-access-memory, read-only-memory, disk drive, or CD-ROM.



38. (Once Amended) A computer system for encrypting data packets,
comprising:

a processor;

a computer readable medium coupled to the processor and storing a computer
program comprising:

computer code that when executed by the processor causes the processor to
receive a data packet from a source for a destination, the data packet including a
header section and a data section, and the header section storing a source identifier
and a destination identifier;

computer code that when executed by the processor causes the processor to
determine whether the data packet should be encrypted upon reference to at least one
of the source and destination identifiers;

computer code that when executed by the processor causes the processor to
encrypt the data packet to produce an encrypted data packet when it is determined that
the data packet should be encrypted; and

computer code that when executed by the processor causes the processor to
generate a new address header and append the new address header to the encrypted
data packet, thereby generating a modified data packet;

wherein the new address header includes a mechanism for identifying an
encryption method used to generate the encrypted data packet.



39. The computer program product of claim 38, wherein the computer readable
medium is a memory, random-access-memory, read-only-memory, disk drive, or CD-ROM.



40. (Once Amended) A method of decrypting data packets, comprising: 

receiving a data packet from a source for a destination, the data packet including a 
header section and a data section, and the header section storing a source identifier 
identifying a broadcast address of the source and a destination identifier identifying a 
broadcast address of the destination; 

determining whether the data packet is encrypted upon reference to at least one of the 
source and destination identifiers; and 

if the data packet is encrypted, decrypting the data packet to produce a decrypted data 
packet. 

41. The method of claim 40, further comprising transmitting the decrypted data 
packet to the destination. 

42. The method of claim 40, wherein the determining whether the data packet is 
encrypted comprises accessing stored information that indicates by presence or absence of the 
source identifier that data packets from the source are encrypted. 

43. The method of claim 40, wherein the determining whether the data packet is 
encrypted comprises accessing stored information that indicates by presence or absence of a 
correlation between the source and destination identifiers that data packets from the source 
for the destination are encrypted. 



44. The method of claim 40, wherein the data section of the data packet includes 
an encrypted header section and an encrypted data section for the decrypted data packet. 



45. The method of claim 44, wherein the encrypted header section stores the 
source and destination identifiers. 

46. The method of claim 44, wherein the source is a network and the encrypted 
header section stores an identifier of a host computer in the network. 



47. The method of claim 44, wherein the destination is a network and the 
encrypted header section stores an identifier of a host computer in the network. 

48. The method of claim 40, wherein the source is a host computer or a network. 



49. The method of claim 40, wherein the destination is a host computer or a 
network. 

50. (Once Amended) A computer program product adapted for decrypting 
data packets, comprising: 

computer code that when executed causes the reception of a data packet from a source 
for a destination, the data packet including a header section and a data section, and the header 
section storing a source identifier identifying a broadcast address of the source and a 
destination identifier identifying a broadcast address of the destination; 

computer code that when executed causes the determination of whether the data 
packet is encrypted upon reference to at least one of the source and destination identifiers; 

computer code that when executed and if the data packet is encrypted, causes the 
decryption of the data packet to produce a decrypted data packet; and 

a computer readable medium that stores the computer codes. 

51. The computer program product of claim 50, wherein the computer readable 
medium is a memory, random-access-memory, read-only-memory, disk drive, or CD-ROM. 



52. (Once Amended) A computer system for decrypting data packets, 
comprising: 

a processor; 

a computer readable medium coupled to the processor and storing a computer 
program comprising: 

computer code that when executed on the processor causes the processor to 
receive a data packet from a source for a destination, the data packet including a 
header section and a data section, and the header section storing a source identifier 
identifying a broadcast address of the source and a destination identifier identifying a 
broadcast address of the destination; 

computer code that when executed on the processor causes the processor to 
determine whether the data packet is encrypted upon reference to at least one of the 
source and destination identifiers; and 

computer code that when executed on the processor causes the processor to if 
the data packet is encrypted, decrypt the data packet to produce a decrypted data 
packet. 




53. The computer program product of claim 52, wherein the computer readable 
medium is a memory, random-access-memory, read-only-memory, disk drive, or CD-ROM. 



Please ADD new claims as follows: 



54. A system for automatically encrypting and decrypting data packets transmitted from a 
first host computer on a first computer network, the first host computer having a first 
processor and a first memory, via an internetwork to a second host computer on a second 
computer network, the second host computer having a second processor and a second 
memory, the system including: 

security data stored in said first and second memories indicating that data 
packets meeting at least one predetermined criterion are to be encrypted; 

instructions stored in said first memory for determining whether to encrypt 
one or more data packets, by determining whether said at least one predetermined 
criterion is met by said one or more data packets; 

instructions stored in said first memory for executing encryption of at least a 
first one of said one or more data packets according to a predetermined 
encryption/decryption mechanism, when said at least one predetermined criterion is 
met, for generating a new address header for said first data packet and for appending 
an encapsulation header to said first data packet and transmitting said first data packet 
to said second host, said encapsulation header including said new address header and 
a mechanism for identifying said predetermined encryption/decryption mechanism; 

instructions stored in said second memory for receiving said first data packet, 
determining whether it has been encrypted by reference to said security data in said 
second memory, and if so then determining which encryption/decryption mechanism 
was used for encryption, and decrypting said first data packet by use of said 
encryption/decryption mechanism. 

55. The system as recited in claim 54, wherein said predetermined encryption/decryption 
mechanism is provided in encrypted form within said encapsulation header. 



56. The system of claim 151 wherein said correlation data includes: 

encryption rules identifying source and destination networks to and from which 
packets are to be encrypted; and 

host information indicating exceptions to the encryption rules. 



57. A system for automatically encrypting data packets for transmission from a first host 
computer on a first computer network to a second host computer on a second computer 
network, said first host computer including a first processor and a first memory including 
instructions for transmitting said data packets from said first host to said second host, the 
system including: 

a bridge computer coupled to the first computer network for intercepting at 
least a first data packet transmitted from said first computer network, said bridge 
computer including a second processor and a second memory storing instructions for 
executing encryption of said first data packet according to a predetermined 
encryption/decryption mechanism; 

information stored in said second memory correlating at least one of the first 
host computer and the first network with one of the second host computer and the 
second network, respectively; and 

instructions stored in said second memory for intercepting said first data 
packet before departure from said first network, determining whether said correlation is 
present, and if so, then executing encryption of said first data packet according to said 
predetermined encryption/decryption mechanism, generating a new address header including 
the internetwork broadcast addresses of the first and second computer networks and 
appending said new address header to said first data packet, thereby generating a modified 
first data packet on to the second host computer. 



58. A computer program product adapted for encrypting data packets, comprising: 

computer code that when executed on a computer causes the computer to receive a 
data packet from a source for a destination, the data packet including a header section and a 
data section, and the header section storing a source identifier and a destination identifier; 

computer code that when executed on a computer causes the computer to determine 
whether the data packet should be encrypted upon reference to at least one of the source and 
destination identifiers; 

computer code that when executed on a computer causes the computer to, if the data 
packet should be encrypted, encrypt the data packet to produce an encrypted data packet; 

computer code that when executed on a computer causes the computer to generate a 
new address header storing at least one of a broadcast address associated with the source and 
a broadcast address associated with the destination, and append the new address header to the 
encrypted data packet, thereby generating a modified data packet; and 

a computer readable medium that stores the computer codes. 



59. A computer system for encrypting data packets, comprising: 

a processor; 

a computer readable medium coupled to the processor storing a computer program 
comprising: 

computer code that when executed by the processor causes the processor to 
receive a data packet from a source for a destination, the data packet including a 
header section and a data section, and the header section storing a source identifier 
and a destination identifier; 

computer code that when executed by the processor causes the processor to 
determine whether the data packet should be encrypted upon reference to at least one 
of the source and destination identifiers; 

computer code that when executed by the processor causes the processor to if 
the data packet should be encrypted, encrypt the data packet to produce an encrypted 
data packet; and 

computer code that when executed by the processor causes the processor to 
generate a new address header storing at least one of a broadcast address associated 
with the source and a broadcast address associated with the destination, and append the 
new address header to the encrypted data packet, thereby generating a modified data 
packet. 



60. A method of decrypting data packets, comprising: 

receiving a data packet from a source for a destination, the data packet including a 
header section and a data section, and the header section storing a source identifier, a 
destination identifier, and encryption information providing a mechanism for identifying an 
encryption method used to generate the data packet; and 

decrypting the data packet to produce a decrypted data packet. 



61. The method as recited in claim 60, further comprising: 

determining from the header section whether the data packet is encrypted; and 

wherein decrypting the data packet to produce a decrypted data packet is performed if 
it is determined that the data packet is encrypted. 



62. The method as recited in claim 60, wherein decrypting the data packet to produce a 
decrypted data packet comprises: 

decrypting at least one of the data section of the data packet and the encryption 
information. 

63. The method as recited in claim 60, wherein the data section includes a packet header 
and a packet body, and wherein decrypting the data section of the data packet comprises 
decrypting at least one of the packet header and the packet body. 



64. A computer program product adapted for decrypting data packets, comprising: 

computer code that when executed on a computer causes the computer to receive a 
data packet from a source for a destination, the data packet including a header section and a 
data section, and the header section storing a source identifier, a destination identifier and 
encryption information including a mechanism for identifying an encryption method used to 
generate the data packet; 

computer code that when executed on a computer causes the computer to decrypt the 
data packet to produce a decrypted data packet; and 

a computer readable medium that stores the computer codes. 




65. The computer program product as recited in claim 64, further comprising: 

computer code that when executed on a computer causes the computer to determine 
from the header section whether the data packet is encrypted; and 

computer code that when executed on a computer causes the computer to decrypt the 
data packet if it is determined that the data packet is encrypted. 



66. The computer program product as recited in claim 64, further comprising: 

computer code that when executed on a computer causes the computer to decrypt the 
data packet using the encryption method. 




67. A computer system for decrypting data packets, comprising: 

a processor; 

a computer readable medium coupled to the processor storing a computer program 
comprising: 

computer code that when executed on the processor causes the processor to 
receive a data packet from a source for a destination, the data packet including a 
header section and a data section, and the header section storing a source identifier, a 
destination identifier and encryption information including a mechanism for 
identifying an encryption method used to generate the data packet; 

computer code that when executed on the processor causes the processor to 
determine from the header section whether the data packet is encrypted; and 

computer code that when executed on the processor causes the processor to if 
the data packet is encrypted, decrypt the data packet to produce a decrypted 
data packet. 




68. The computer system as recited in claim 67, further comprising: 